Re: [MMUSIC] Re: [BEHAVE] Re: STUN/ICE: Username length inconstency

[Jonathan Rosenberg <jdrosen at cisco.com>]

one quick response inline:

Magnus Westerlund wrote:
> Jonathan Rosenberg skrev:
> > To be specific, let me propose the following:
> >
> > rfc3489bis: says the username MUST be less than 513 bytes. It also says
> > that the STUN message when sent over UDP MUST be less than the MTU.
> >
> > ICE: says that the username fragment MUST be less than 256 bytes.
> >
> >
> > The desire for the ability to have larger usernames is not security
> > (i.e., this doesn't mean endpoints compute username fragments with 256
> > bytes of entropy), but that cases have been identified ala Dan's draft
> > of stuffing useful identifiers in there. So we want to allow that to be
> > possible in the future. Length limits always need to be carefully
> > managed, since they are nice in terms of implementation but you can
> > sometimes regret them in a really big way down the road (think SMS
> > message sizes, 640k memory limit, etc.)
>
> So do I interpret this correctly, in that STUN will have byte limit
> which is lower than in the previous draft version, but if one uses
> characters that has few bytes per character they will be allowed to be
> longer than 128? And now ICE and STUN will be aligned.

Yes. The limit is a total of 513 bytes, so this would be 513 characters 
if the characters are single byte (i.e., from the ASCII set).

Thanks,
Jonathan R.
--
Jonathan D. Rosenberg, Ph.D.                   600 Lanidex Plaza
Cisco Fellow                                   Parsippany, NJ 07054-2711
Cisco Systems
jdrosen at cisco.com                              FAX:   (973) 952-5050
http://www.jdrosen.net                         PHONE: (973) 952-5000
http://www.cisco.com

_______________________________________________
mmusic mailing list
mmusic at ietf.org
https://www1.ietf.org/mailman/listinfo/mmusic